Centcom denies claims its computers were hacked

Computers are seen at the Joint Operations Center at Centcom headquarters at MacDill Air Force Base. Centcom on Friday denied claims by the Syrian Electronic Army that the group had hacked Centcom's computer system. TRIBUNE FILE

U.S. Central Command is denying a claim made today by a pro Assad hacking group that it penetrated the command’s computer system.

“Totally bogus,” said Oscar Seara, a Centcom spokesman, of claims tweeted by the Syrian Electronic Army shortly after noon that it was in the process of accessing Centcom’s computer system.

“Operation targeting #CENTCOM are now in motion due to Obama’s decision to attack #Syria with electronic warfare,” tweeted the group, which has been blamed for several major hacking incidents in support of Syrian leader Bashar al-Assad.

In a separate tweet, SEA posted a screen shot it claims is from a U.S. military computer system.

“This is part of an on-going operation and we have already successfully penetrated many central repositories,” SEA tweeted.

Pentagon officials did not immediately respond to a request for comment.

The information posted by SEA includes what appears to be unclassified information about U.S. military organizations, according to Bob Gourley, the first director of intelligence at the Pentagon’s cyber defense organization and former chief technology officer for the Defense Intelligence Agency, who reviewed the screenshot after a call from The Tribune.

The screenshot appears to contain information from the Army Knowledge Online website, said Gourley. AKO “provides corporate intranet services and single web portal to the United States Army,” according to its website. Files on the screenshot are from accounts about military organizations not specifically related to Centcom, including U.S Pacific Command, and various Navy, Army and Air Force operations.

Gourley said that, even if the claims were true, any access that SEA would have would be to unclassified areas and not the secure computer system called SIPRNET. Any entry would cause embarrassment, not a security concern, said Gourley, founder of Crucial Point LLC, a technology research, consulting and services firm.

“Maybe slightly above normal,” Gourley said of the level of concern Centcom officials should have regarding SEA.

If there was a breach, “I would call in everyone responsible for every public-facing web server and ask if they have implemented the most recent patches. I would ask the administrators to change passwords. It is a low-level response to a low-level threat.”

Gourley said that while Centcom’s denial is “probably right...Statistically if they have thousands of websites on servers around the globe there is a good chance that SEA has found a vulnerability in one of them. Certainly it is bogus in terms of SEA having any mission impact.”

SEA, in a tweet response to TBO.com, said “we didn’t publish everything we have and the operation is still on-going...”

SEA has caused havoc before.

Last month, Forbes acknowledged that its system was hacked by the group.

“Compared with the Chinese attack that penetrated the New York Times in 2012 or the cybercriminal theft of millions of credit card numbers from Target late last year, the SEA attack of Forbes doesn’t seem to have been technically complex,” according to a story published last month on the magazine’s website. “But the hackers were nonetheless clever and persistent enough to stay a step ahead of the media company’s security measures. A week later, Forbes staff still haven’t entirely ended a partial email and publishing lockdown designed to prevent the attackers from breaching the site again and limit the damage if they do regain access.”

SEA also claimed to have hacked into the Associated Press twitter account last year, posting a false tweet about the White House being hit by explosions that injured President Barack Obama, according to the Washington Post. That led to a “perilous but short-lived nosedive” on the New York Stock Exchange, according to The Post.

There were several attacks last year as well, according to FireEye, a cyber security firm:

July 15: SEA hacked the Swedish site Truecaller, home to the world’s largest online telephone directory, with over a billion phone numbers in over 100 countries. SEA claimed this attack also gave it access codes to more than a million Facebook, Twitter, LinkedIn, and Gmail accounts. The initial attack vector was an older, vulnerable version of WordPress.

July 21: SEA hacked the video and text messaging service Tango, stealing more than 1.5 terrabytes of data, including user information, true names, phone numbers, emails, and personal contacts for millions of accounts. Again, the attack vector was a vulnerable version of WordPress CMS (v 3.2.1), which gave SEA unauthorized access to the database server.

July 24: SEA hacked Viber, a free online calling and messaging application used by more than 200 million users in 193 countries. Viber acknowledged the attack, explaining that the initial compromise vector was an email phishing scam which enabled SEA to access two customer support sites. Thus far, the company has denied that private user information was lost

tbo (Tampa Bay Online) provides local news and information for Tampa, St. Petersburg, Clearwater and communities throughout Tampa Bay. Originally published by The Tampa Tribune, tbo is now among the portfolio of brands powered by the Tampa Bay Times.